October 23, 2007 at 9:22 am
I hope I am not just overlooking something obvious, but I am at a loss as to why login logging is being written to both the SQL Server logs and the system application event logs. In Enterprise Manager, the Audit level is set to None, and as far as I know (I am working remotely with this server) nobody has recently changed this setting. I am also quite sure that the server has been stopped and restarted more than one time recently with this setting in effect. I also checked the registry as a sanity check and the value for Audit level is 0. However huge numbers of login messages are still being posted to both logs - event 17055 in application log, various "trusted", "non-trusted" posts in the server logs. Is there ANY other way that this audit logging could be started via something other than normal server restart?
October 23, 2007 at 12:18 pm
As far as I know, when you change the audit level setting via EM or windows registry, the changes will be taken place only after you perform:
a) server reboot
or
b) stop and start SQL services
Viewing 2 posts - 1 through 1 (of 1 total)
You must be logged in to reply to this topic. Login to reply